- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 9 Jan 2009 10:20:16 -0500
- To: ext Juan Carlos Cruellas <cruellas@ac.upc.edu>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Does this have implications for the deliverables of the XML Security WG? Are there requirements of XML Signature that are not met by the current XML Signature specification? regards, Frederick Frederick Hirsch Nokia On Jan 9, 2009, at 7:36 AM, ext Juan Carlos Cruellas wrote: > > Dear all, > > I am aware that the topic of this email could be a bit out of the > charter of this WG, but on the other side I think that it is the > right place for rising it, as the WG itself should be strongly > concerned by supporting the widespread of usage of XMLSig spec. > > The issue is as follows: I am currently member of the so called STF > (Specialist Task Force) 364 of ETSI, a project which has as major > goal the specification of the usage of Advanced Electronic > Signatures (XAdES and CAdES -CMS equivalent to XAdES) within pdf > framework. Including XAdES within pdf docs would immediately imply > the inclusion of XML Sig signatures within pdf docs. > > You may find the public web page of the project at: > > http://portal.etsi.org/stfs/STF_HomePages/STF364/STF364.asp > > > As you know, pdf documents specify mechanisms for incorporating a > CMS signature, but NOT XML Sig. > > Also, the so called XFA (XML Forms Architecture)allows the inclusion > of XML Sig for signing XML forms within the pdf framework, but only > this kind of forms. At present there are not standard means for > incorporating a XML Sig in other pdf documents. > > The STF-364 is looking for use cases that could justify the effort > of specifying standard mechanisms for allowing incorporation of XML > Sig signatures withih pdf documents other than XFA ones. > > As you all know well, pdf is one of the major electronic document > formats vastly used over the world, and missing the opportunity of > standardizing the usage of XML Sig would imply missing one of the > most relevant actors at the electronic document level. This > standardization would likely lead to a situation where major > developers of pdf compliant products could incorporate software for > signing and verifying pdf docs using XML Sig as currently happens > with CMS. > > In summary, if any of you could be so kind of providing relevant use > cases for signing pdf documents using XML Sig, these could be > presented to the aforementioned STF-364 group, which could then > consider the specification of a standard incorporation of XML Sig in > pdf documents and justify this effort based on such use cases. > > Thank you very much in advance for your kind help. > > Best regards > > Juan Carlos. >
Received on Friday, 9 January 2009 15:21:06 UTC